From Fedora Project Wiki
NO WARRANTY IMPLIED BY RUNNING THIS SCRIPT. IT IS OUTDATED.
Script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup
You likely want to read the wiki page (above) and use the output from http://fedorapeople.org/cgit/fenris02/public_git/cleanup.git/plain/rpm-verify.sh rather than running this.
#!/bin/bash
# Script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup
# Do not set TMPDIR to any tmpfs mount, these files should remain after boot.
TMPDIR=/root/tmp
DEBUG=
VERBOSE='1'
LOG_ALL='1'
LANG=C
DS=$(date +%Y%m%d)
if [ "$(whoami)" != "root" ]; then
echo "Must be run as root."
exit 1
fi
ping -c3 -q 8.8.8.8 > /dev/null
if [ $? -eq 1 ]; then
echo "Please ensure you have network connectivity."
exit 2
fi
if [ $(runlevel |awk '{print$NF}') != "3" ]; then
echo "Must be run from runlevel 3."
exit 3
fi
cat -<<EOT
Press ^C now if you do not have a good backup of your system.
Please make sure you are not running on battery power. This cleanup may take
30mins of heavy I/O and this may cause problems if you lose power.
If you press enter, this script will try to auto-clean your system. Once
complete, you will need to reboot.
EOT
read
#
[ -n "$DEBUG" ] && VERBOSE='1'
[ -n "$VERBOSE" ] && set -x
#
[ -d "${TMPDIR}" ] || mkdir -p "${TMPDIR}"
# needs to be above logging start
[ -n "$VERBOSE" ] && echo 'Set selinux to permissive mode'
[ -n "$DEBUG" ] && read
setenforce 0
# Log all output to a file if LOG_ALL is set
if [ -n "$LOG_ALL" ]; then
PIPEFILE=$(mktemp -u ${TMPDIR}/${0##*/}-XXXXX.pipe)
mkfifo --context user_tmp_t $PIPEFILE
LOGFILE=$(mktemp ${TMPDIR}/${0##*/}-XXXXX.log)
tee -a $LOGFILE < $PIPEFILE &
TEEPID=$!
-t 1 && echo "Writing to logfile '$LOGFILE'."
exec > $PIPEFILE 2>&1
#exec < /dev/null 2<&1
fi
#
[ -n "$VERBOSE" ] && echo 'Cleaning up yumdb'
[ -n "$DEBUG" ] && read
rm /var/lib/rpm/__db.00?
rpm --rebuilddb
yum update -y /etc/*-release dracut rpm yum
yum clean all
yum-complete-transaction
#
[ -n "$VERBOSE" ] && echo 'Removing old packages from cache directories'
[ -n "$DEBUG" ] && read
DIST=$(rpm --eval '%{dist}')
for D in /var/cache/yum /var/lib/yum/plugins/local; do
[ -d $D ] \
&& find $D -type f -name \*.rpm \
|grep -v $DIST \
|xargs rm -f
done
#
[ -n "$VERBOSE" ] && echo 'Repairing permissions'
[ -n "$DEBUG" ] && read
[ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting user/group ownership'
time rpm -a --setugids > /dev/null 2>&1
[ -n "$VERBOSE" ] && echo 'This may take a few minutes, resetting permissions'
time rpm -a --setperms > /dev/null 2>&1
[ -x /usr/bin/package-cleanup ] || yum install -y yum-utils
YSHELL=${TMPDIR}/YUM-SHELL_${DS}.txt
YSHELL2=${TMPDIR}/YUM-SHELL2_${DS}.txt
# Reinstall desktops and sync
YSHELL3=${TMPDIR}/YUM-SHELL3_${DS}.txt
# Locate installed leaves packages that were installed as a dep of some other package
repoquery --installed --qf "%{nvra} - %{yumdb_info.reason}" \
package-cleanup --leaves -q --all
\
|grep '\- dep' \
|while read n a a; do \
echo remove $n
done > $YSHELL
# reinstall duplicate packages, might clean them without breaking
package-cleanup -q --dupes > ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt
[ -s ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt ] && \
cat ${TMPDIR}/DUPLICATE-PACKAGES_${DS}.txt | \
while read PKGNAME; do
rpm -q --qf 'reinstall %{name}.%{arch}\n' $PKGNAME >> $YSHELL
done
# Add default package sets
cat ->> $YSHELL <<EOT
reinstall policycoreutils*
reinstall selinux*
install fpaste
install redhat-lsb
install rpmconf
install yum-plugin-local
EOT
# Break out non-essential groups so that yum succeeds even on rawhide
cat ->> $YSHELL2 <<EOT
install @admin-tools
install @base
install @base-x
install @core
install @dial-up
install @fonts
install @hardware-support
install @input-methods
install @printing
install memtest86+
EOT
# Locate installed desktops -- Hack around broken depsolver
yum grouplist -v \
|sed '1,/^Installed/d;/^Available/,$d;s/[^()]*//;s/(//;s/)//;' \
|grep desktop \
|while read GROUP; do
echo "remove @${GROUP}" >> $YSHELL3
echo "install @${GROUP}" >> $YSHELL3
done
# Add default package sets
echo 'run' >> $YSHELL
# Break out non-essential groups so that yum succeeds even on rawhide
echo 'run' >> $YSHELL2
# Locate installed desktops -- Hack around broken depsolver
echo 'run' >> $YSHELL3
#
echo 'Generate package list before package-updates'
[ -x /usr/bin/show-installed ] || yum install -y yum-utils
show-installed -f kickstart -e -o ${TMPDIR}/SHOW-INSTALLED1_${DS}.txt
[ -n "$VERBOSE" ] && echo 'Importing Keys for Fedora versions: https://fedoraproject.org/keys'
[ -n "$DEBUG" ] && read
curl -s https://fedoraproject.org/keys |\
grep fedoraproject.org/static |\
cut -f2 -d\" |\
while read URL; do
rpm --import $URL
done
#
[ -n "$VERBOSE" ] && echo 'Removing dependency leaves and installing default package sets'
[ -n "$DEBUG" ] && read
[ -x /usr/sbin/semanage ] || yum install policycoreutils-python
semanage -o ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt
mv /etc/selinux/targeted ${TMPDIR}/targeted.${DS}
mkdir -p /etc/selinux/targeted
time yum shell $YSHELL2 -y --disableplugin=presto --skip-broken
time yum shell $YSHELL3 -y --disableplugin=presto --skip-broken
time yum distribution-synchronization -y --disableplugin=presto --skip-broken
time yum shell $YSHELL -y --disableplugin=presto --skip-broken
[ -f /etc/PackageKit/CommandNotFound.conf ] \
&& sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
# Something went around above if this directory does not exist
[ -n "$VERBOSE" ] && echo 'Resetting local selinux policy'
[ -n "$DEBUG" ] && read
[ -d /etc/selinux/targeted/policy ] || yum reinstall -y selinux-policy-targeted
semanage -i ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt
#
[ -n "$VERBOSE" ] && echo 'Remove duplicate packages if any found.'
[ -n "$DEBUG" ] && read
package-cleanup --cleandupes
#
echo 'Generate package list after package-updates'
[ -x /usr/bin/show-installed ] || yum install yum-utils
show-installed -f kickstart -e -o ${TMPDIR}/SHOW-INSTALLED2_${DS}.txt
#
[ -n "$VERBOSE" ] && echo "Moving ~/.config/ directories to ~/.config.${DS}"
[ -n "$DEBUG" ] && read
getent passwd \
|while IFS=: read userName passWord userID groupID geCos homeDir userShell; do
[ -d "${homeDir}/.config" ] \
&& mv "${homeDir}/.config" "${homeDir}/.config.${DS}"
done
#
[ -n "$VERBOSE" ] && echo 'Correct labels.'
[ -n "$DEBUG" ] && read
[ -x /sbin/fixfiles ] || yum install -y policycoreutils
time fixfiles -R -a restore
#
[ -n "$VERBOSE" ] && echo 'Merge *.rpmnew files semi-automatically.'
[ -n "$DEBUG" ] && read
[ -x /usr/sbin/rpmconf ] || yum install -y rpmconf
rpmconf -a
#
[ -n "$VERBOSE" ] && echo 'Build problem report.'
[ -n "$DEBUG" ] && read
[ -f /etc/sysconfig/prelink ] \
&& . /etc/sysconfig/prelink \
&& /usr/sbin/prelink -av $PRELINK_OPTS >> /var/log/prelink/prelink.log 2>&1
#
[ -n "$VERBOSE" ] && echo 'configure dynamic linker run-time bindings'
/sbin/ldconfig
#
[ -n "$VERBOSE" ] && echo 'Verify all installed packages'
[ -n "$DEBUG" ] && read
time rpm -Va > ${TMPDIR}/RPM-VA_${DS}.txt 2>&1
# Need a better way to fix caps
[ -n "$VERBOSE" ] && echo 'Reset file capabilities'
[ -n "$DEBUG" ] && read
egrep '^.{8}P ' ${TMPDIR}/RPM-VA_${DS}.txt \
|awk '{print$NF}' \
|xargs rpm --filecaps -qf \
|grep '= cap' \
|while read fileName eq fileCaps; do
rpm --qf '%{name}.%{arch}\n' -qf "${fileName}" >> ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt
setcap "${fileCaps}" "${fileName}"
done
sort -u -o ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt
#yum reinstall -y $(cat ${TMPDIR}/FCAPS-REINSTALL_${DS}.txt)
#
[ -n "$VERBOSE" ] && echo 'Generate reports'
[ -n "$DEBUG" ] && read
time rpm -Va > ${TMPDIR}/RPM-VA2_${DS}.txt 2>&1
egrep -v '^.{9} (c /| /lib/modules/.*/modules\.)' ${TMPDIR}/RPM-VA2_${DS}.txt > ${TMPDIR}/URGENT-REVIEW_${DS}.txt
egrep '^.{9} c /' ${TMPDIR}/RPM-VA2_${DS}.txt > ${TMPDIR}/REVIEW-CONFIGS_${DS}.txt
find /etc -name '*.rpm?*' > ${TMPDIR}/REVIEW-OBSOLETE-CONFIGS_${DS}.txt
# Stop logging. No changes below this point.
if [ -n "$LOG_ALL" ]; then
echo "Kill off logger"
#exec 1>&- 2>&-
#kill $TEEPID
rm $PIPEFILE
#wait $TEEPID
fi
# Reboot script that works even when init has changed
cat -> ${TMPDIR}/raising-elephants.sh <<EOT
#/bin/bash
# Try this first:
shutdown -r now
sysctl -w kernel.sysrq=1 || echo 1 > /proc/sys/kernel/sysrq
#https://secure.wikimedia.org/wikipedia/en/wiki/Magic_SysRq_key#.22Raising_Elephants.22_mnemonic_device
# "Raising Elephants Is So Utterly Boring"
for ST in r e i s s s u b; do
echo \$ST > /proc/sysrq-trigger
done
#EOF
EOT
chmod 0700 ${TMPDIR}/raising-elephants.sh
# Done
echo "Verify packages are installed the way you want and then type ${TMPDIR}/raising-elephants.sh"
#EOF